Hello, I am trying to get rid of a virus (AntivirXP08). I have run CCleaner, Ad-Aware and Spybot but none were able to detect the virus. I tried to run SuperAntiSpyware but I am not able to run it to the end as I keep getting an alert that a virus was detected and then I am immediately kicked out. I also ran my antivirus (Avast) but nothing seems to work. Thank you and I truly appreciate any help I can get :)

Heya Maysa,
Follow the thread below then assess if you need further assistance.
You will need to request HJT assistance if needed

hi there,
Thank you so much for your reply. I am in trouble again, you have helped me before and I really appreciate your effort again.
I have followed steps 1, 2 and 3. When scanning through the Kaspersky online scanner it detected an infected folder in drive C.
I also looked at Add/Remove Programs and the AntivirXP08 size was 11MB. After scanning with MBAM and SuperAntiSpyware and selecting everything they found (step 2), I checked the size again and it was 1.97MB.
Should I provide a HijackThis logfile since the virus was not deleted completely?
Looking forward to hearing from you

Heya maysa,
Before you post the HJT log can you open Avast up from the desktop or "Start" > "All Programs" > "Avast Antivirus" > Avast Antivirus.
Once the memory test has completed click on the button at the top left (it looks like an eject button), now select "Schedule Boot-Time Scan...".
Let Avast restart your computer, it will now scan your PC before the operating system fully loads.
You will need to be present during the scan so you can select whether to "Delete", "Quarantine" or "Ignore" any found infected items. Can you post a fresh HJT log after the scan completes.
Also can you let me know what the file path is of the infected folder
e.g. C:\Program Files\infected folder

Hi,
I did a scheduled boot scan with Avast and it listed the following file as infected:
File C:\Documents and Settings\Alwazir\Local Settings\Temp\dlgu.exe is infected by win32:Trojan-gen
Also here is the HJT log you requested:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:28 PM, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\AOL\1167326590\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1167326590\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/Div...
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DF5DE05-0C55-4B59-95C4-F3D5A0AECBCA}: NameServer = 92.31.241.20 92.31.241.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5358BB8-0725-4522-BAB2-064805DCE546}: NameServer = 205.188.146.145
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9065 bytes

Thank you so much for taking the time to look at it :)

Heya maysa,
There is one entry that has a missing file that needs to be fixed. There are no bad entries showing in your HJT log.
Open HJT and click on "Do a system scan only", navigate and put a check mark next to the entries shown in red below.
Be sure to mark the correct entries as HJT does repairs at the registry level and an incorrect selection can cause serious damage to the operating system.
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
Do a search on your computer for AntivirXP08. Any entries found can safely be deleted.
Did you delete the infected file Avast detected?
Are you now able to run SUPERAntispyware completely?
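An added example, not code from this thread or from HijackThis itself, that applies the helper's review above to lines in HJT log format: it parses each "<section code> - <body>" entry, flags entries HJT marks "(file missing)" as orphaned, and, as a defender's heuristic drawn from the Temp-folder detection earlier in the thread, flags O4 autoruns that launch from a Temp directory. The sample log is constructed; the O4 Temp entry is invented for illustration and did not appear in the posted log.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format; the O4 Temp entry is invented
# for illustration and is not from the thread's log.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [dlgu] C:\Documents and Settings\Alwazir\Local Settings\Temp\dlgu.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# An HJT entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path in the body that ends in an executable/library extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|scr|cpl)\b", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

@dataclass
class Finding:
    code: str    # HJT section code, e.g. "O9"
    reason: str  # why the entry deserves a look
    path: str    # file path extracted from the entry ("" if none)

def parse_entry(line):
    """Return (code, body, path) for an HJT entry line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header lines and the running-process list
    body = m.group("body")
    p = PATH_RE.search(body)
    return m.group("code"), body, (p.group(0) if p else "")

def review_hjt_log(text):
    """Flag orphaned entries (HJT's "(file missing)" marker, which the helper
    above says to fix) and O4 autoruns that launch from a Temp directory."""
    findings = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        code, body, path = parsed
        if "(file missing)" in body:
            findings.append(Finding(code, "file missing", path))
        elif code == "O4" and TEMP_RE.search(path):
            findings.append(Finding(code, "autorun from Temp", path))
    return findings
```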

Hi again,
I want to make sure I did this right. I put a check mark next to the entry O9 - Extra button: PalTalk .... and clicked on the "Fix checked" button. Then another window appeared that said "Welcome to HijackThis. This program will scan your PC and generate a log file of registry and file settings commonly manipulated by malware as well as good software."
I was not sure if I needed to do anything more, so I thought it would be safer not to close the page. I searched for entries for AntivirXP08 and was not able to find anything. But I was still able to find it when I clicked on Add/Remove Programs. I decided to try to remove it from that location and was successful. Does that mean it has been completely deleted?
I have deleted the infected file Avast detected and I am able to run SuperAntiSpyware completely now.
I have CCleaner, Ad-Aware, SuperAntiSpyware, Spybot - Search & Destroy and SpywareBlaster as was recommended by you. Is there anything I should change, add or delete? Should I delete Malwarebytes Anti-Malware (MBAM) or leave it?
Sorry for all these questions, I just want to make sure I won't get in trouble again. I truly appreciate all your help...thanks a million :)
thanks again :)

Heya maysa,
Yeah, a simple search "All files and Folders" for AntivirXP08 on your C:\ drive or "My Computer" should be sufficient. I believe AntivirXP08 won't at this stage have any hidden attributes.
Everything should be good from here on in.

Ohh hey, I just edited my previous post since I was finally able to delete AntivirXP08 by clicking on Remove in Add/Remove Programs.
Should I delete MBAM? I have CCleaner, Ad-Aware, SuperAntiSpyware, Spybot - Search & Destroy and SpywareBlaster, which were recommended by you.
Can't thank you enough for your time...take care

Heya maysa,
You do have a lot of anti-malware applications on your PC.
MBAM is an on call anti-malware scanner, which means it can be used anytime to clean your pc. Being on call means it doesn't tie up any system resources unless it is being used to update and scan.
The creators of Malware Bytes AntiMalware I believe specifically chose this name as it targets more than just spyware, which I believe it does very thoroughly.
Given the choice, and if I wanted to free up system resources, I would choose to remove ad-aware (free). It was once considered very good, but with the 2008 release it has slipped dramatically in the popularity stakes. I don't feel it is nearly as effective as it once used to be.
You can choose to keep them all if you wish, none of the programs you have listed above will conflict with each other.

Download Malwarebytes’ Anti-Malware … it worked for me
Download Here - http://www.download.com/Malwarebyte...
Make sure to update the software after you install and do a quick scan (or a full one). Worked like a beauty for me
Source - http://www.virusremovalguru.com/?p=6
Please let me know if this worked for you too. My computer is now working great. =)

Also - To fix the annoying background that results from the AntivirXP08 try this
Start by Clicking Start and then going to Run. Put regedit.exe in the Run dialog box and Press ENTER on your keyboard.
Navigate to:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Right-click NoDispScrSavPage to select Modify.
Change the value to 0.
Source - http://virusremovalguru.com/?p=21
